easy-devops 0.1.0

package/dashboard/routes/domains.js

@@ -0,0 +1,300 @@
+import express from 'express';
+import fs from 'fs/promises';
+import { run } from '../../core/shell.js';
+import { loadConfig } from '../../core/config.js';
+import { getDomains, saveDomains, findDomain, createDomain, DOMAIN_DEFAULTS } from '../lib/domains-db.js';
+import { generateConf, getDefaultCertPaths } from '../lib/nginx-conf-generator.js';
+import { getCertExpiry } from '../lib/cert-reader.js';
+
+const router = express.Router();
+
+// ─── shared nginx helpers ─────────────────────────────────────────────────────
+
+const isWindows = process.platform === 'win32';
+
+function getNginxExe(nginxDir) {
+  return isWindows ? `${nginxDir}\\nginx.exe` : 'nginx';
+}
+
+function nginxTestCmd(nginxDir) {
+  const exe = getNginxExe(nginxDir);
+  return isWindows ? `& "${exe}" -t` : 'nginx -t';
+}
+
+function nginxReloadCmd(nginxDir) {
+  const exe = getNginxExe(nginxDir);
+  return isWindows ? `& "${exe}" -s reload` : 'nginx -s reload';
+}
+
+// ─── Validation helpers ───────────────────────────────────────────────────────
+
+function validateDomainName(name) {
+  if (!name || typeof name !== 'string') {
+    return 'name is required';
+  }
+  // Allow wildcards and standard hostnames
+  const validPattern = /^(\*\.)?[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)*$/;
+  if (!validPattern.test(name) || name.includes('/') || name.includes(' ')) {
+    return 'Invalid domain name format';
+  }
+  return null;
+}
+
+function validatePort(port) {
+  const portNum = Number(port);
+  if (!Number.isInteger(portNum) || portNum < 1 || portNum > 65535) {
+    return 'Invalid port: must be 1-65535';
+  }
+  return null;
+}
+
+function validateUpstreamType(type) {
+  if (type && !['http', 'https', 'ws'].includes(type)) {
+    return 'Invalid upstreamType: must be http, https, or ws';
+  }
+  return null;
+}
+
+function validateMaxBodySize(size) {
+  if (size && !/^\d+[kmgKMG]?$/.test(size)) {
+    return 'Invalid maxBodySize format (e.g., 10m, 1g)';
+  }
+  return null;
+}
+
+function validatePositiveInteger(val, field) {
+  if (val !== undefined && (!Number.isInteger(Number(val)) || Number(val) < 1)) {
+    return `Invalid ${field}: must be a positive integer`;
+  }
+  return null;
+}
+
+// ─── GET /api/domains ─────────────────────────────────────────────────────────
+
+router.get('/', async (_req, res) => {
+  const domains = getDomains();
+  const result = await Promise.all(
+    domains.map(async (domain) => {
+      const { expiry, daysLeft } = await getCertExpiry(domain.name);
+      return { ...domain, certExpiry: expiry, daysLeft };
+    })
+  );
+  res.json(result);
+});
+
+// ─── POST /api/domains ────────────────────────────────────────────────────────
+
+router.post('/', async (req, res) => {
+  const body = req.body ?? {};
+
+  // Validate required fields
+  const nameError = validateDomainName(body.name);
+  if (nameError) {
+    return res.status(400).json({ error: nameError });
+  }
+
+  const portError = validatePort(body.port);
+  if (portError) {
+    return res.status(400).json({ error: portError });
+  }
+
+  // Validate optional fields
+  const upstreamError = validateUpstreamType(body.upstreamType);
+  if (upstreamError) {
+    return res.status(400).json({ error: upstreamError });
+  }
+
+  const maxSizeError = validateMaxBodySize(body.performance?.maxBodySize);
+  if (maxSizeError) {
+    return res.status(400).json({ error: maxSizeError });
+  }
+
+  // Check for duplicate
+  if (findDomain(body.name)) {
+    return res.status(409).json({ error: `Domain already exists: ${body.name}` });
+  }
+
+  // Build domain object with defaults
+  const domain = createDomain({
+    name: body.name,
+    port: Number(body.port),
+    backendHost: body.backendHost ?? DOMAIN_DEFAULTS.backendHost,
+    upstreamType: body.upstreamType ?? DOMAIN_DEFAULTS.upstreamType,
+    www: body.www ?? false,
+    ssl: {
+      enabled: body.ssl?.enabled ?? false,
+      certPath: body.ssl?.certPath ?? '',
+      keyPath: body.ssl?.keyPath ?? '',
+      redirect: body.ssl?.redirect ?? true,
+      hsts: body.ssl?.hsts ?? false,
+      hstsMaxAge: body.ssl?.hstsMaxAge ?? DOMAIN_DEFAULTS.ssl.hstsMaxAge,
+    },
+    performance: {
+      maxBodySize: body.performance?.maxBodySize ?? DOMAIN_DEFAULTS.performance.maxBodySize,
+      readTimeout: body.performance?.readTimeout ?? DOMAIN_DEFAULTS.performance.readTimeout,
+      connectTimeout: body.performance?.connectTimeout ?? DOMAIN_DEFAULTS.performance.connectTimeout,
+      proxyBuffers: body.performance?.proxyBuffers ?? false,
+      gzip: body.performance?.gzip ?? true,
+      gzipTypes: body.performance?.gzipTypes ?? DOMAIN_DEFAULTS.performance.gzipTypes,
+    },
+    security: {
+      rateLimit: body.security?.rateLimit ?? false,
+      rateLimitRate: body.security?.rateLimitRate ?? DOMAIN_DEFAULTS.security.rateLimitRate,
+      rateLimitBurst: body.security?.rateLimitBurst ?? DOMAIN_DEFAULTS.security.rateLimitBurst,
+      securityHeaders: body.security?.securityHeaders ?? false,
+      custom404: body.security?.custom404 ?? false,
+      custom50x: body.security?.custom50x ?? false,
+    },
+    advanced: {
+      accessLog: body.advanced?.accessLog ?? true,
+      customLocations: body.advanced?.customLocations ?? '',
+    },
+  });
+
+  const { nginxDir } = loadConfig();
+
+  try {
+    await generateConf(domain);
+  } catch (err) {
+    return res.status(500).json({ error: 'Failed to write nginx conf', details: err.message });
+  }
+
+  const testResult = await run(nginxTestCmd(nginxDir), { cwd: nginxDir });
+  if (!testResult.success) {
+    try { await fs.unlink(domain.configFile); } catch { /* ignore */ }
+    return res.status(500).json({ error: 'nginx config test failed', output: testResult.stderr || testResult.stdout });
+  }
+
+  const domains = getDomains();
+  domains.push(domain);
+  saveDomains(domains);
+
+  res.status(201).json(domain);
+});
+
+// ─── PUT /api/domains/:name ───────────────────────────────────────────────────
+
+router.put('/:name', async (req, res) => {
+  const { name } = req.params;
+  const existing = findDomain(name);
+  if (!existing) {
+    return res.status(404).json({ error: `Domain not found: ${name}` });
+  }
+
+  const body = req.body ?? {};
+
+  // Validate port if provided
+  if (body.port !== undefined) {
+    const portError = validatePort(body.port);
+    if (portError) {
+      return res.status(400).json({ error: portError });
+    }
+    body.port = Number(body.port);
+  }
+
+  // Validate upstreamType if provided
+  if (body.upstreamType !== undefined) {
+    const upstreamError = validateUpstreamType(body.upstreamType);
+    if (upstreamError) {
+      return res.status(400).json({ error: upstreamError });
+    }
+  }
+
+  // name is immutable — merge everything except name and configFile
+  const { name: _ignored, configFile: _cf, ...updates } = body;
+
+  // Deep merge nested objects
+  const updatedDomain = {
+    ...existing,
+    ...updates,
+    ssl: { ...existing.ssl, ...updates.ssl },
+    performance: { ...existing.performance, ...updates.performance },
+    security: { ...existing.security, ...updates.security },
+    advanced: { ...existing.advanced, ...updates.advanced },
+    updatedAt: new Date().toISOString(),
+  };
+
+  const { nginxDir } = loadConfig();
+  const bakPath = existing.configFile ? `${existing.configFile}.bak` : null;
+
+  // Backup existing conf
+  if (bakPath && existing.configFile) {
+    try {
+      await fs.copyFile(existing.configFile, bakPath);
+    } catch { /* file absent — skip backup */ }
+  }
+
+  try {
+    await generateConf(updatedDomain);
+  } catch (err) {
+    if (bakPath) {
+      try { await fs.copyFile(bakPath, existing.configFile); } catch { /* ignore restore failure */ }
+    }
+    return res.status(500).json({ error: 'Failed to write nginx conf', details: err.message });
+  }
+
+  const testResult = await run(nginxTestCmd(nginxDir), { cwd: nginxDir });
+  if (!testResult.success) {
+    if (bakPath) {
+      try { await fs.rename(bakPath, existing.configFile); } catch { /* ignore */ }
+    }
+    return res.status(500).json({ error: 'nginx config test failed', output: testResult.stderr || testResult.stdout });
+  }
+
+  const domains = getDomains();
+  const idx = domains.findIndex((d) => d.name === name);
+  domains[idx] = updatedDomain;
+  saveDomains(domains);
+
+  res.json(updatedDomain);
+});
+
+// ─── DELETE /api/domains/:name ────────────────────────────────────────────────
+
+router.delete('/:name', async (req, res) => {
+  const { name } = req.params;
+  const domain = findDomain(name);
+  if (!domain) {
+    return res.status(404).json({ error: `Domain not found: ${name}` });
+  }
+
+  if (domain.configFile) {
+    try {
+      await fs.unlink(domain.configFile);
+    } catch (err) {
+      if (err.code !== 'ENOENT') {
+        return res.status(500).json({ error: 'Failed to delete conf file', details: err.message });
+      }
+    }
+  }
+
+  const domains = getDomains().filter((d) => d.name !== name);
+  saveDomains(domains);
+
+  res.json({ message: `Domain deleted: ${name}` });
+});
+
+// ─── POST /api/domains/:name/reload ──────────────────────────────────────────
+
+router.post('/:name/reload', async (req, res) => {
+  const { name } = req.params;
+  if (!findDomain(name)) {
+    return res.status(404).json({ error: `Domain not found: ${name}` });
+  }
+
+  const { nginxDir } = loadConfig();
+
+  const testResult = await run(nginxTestCmd(nginxDir), { cwd: nginxDir });
+  if (!testResult.success) {
+    return res.status(500).json({ error: 'nginx config test failed', output: testResult.stderr || testResult.stdout });
+  }
+
+  const reloadResult = await run(nginxReloadCmd(nginxDir), { cwd: nginxDir });
+  if (!reloadResult.success) {
+    return res.status(500).json({ error: 'nginx reload failed', output: reloadResult.stderr || reloadResult.stdout });
+  }
+
+  res.json({ message: 'nginx reloaded successfully' });
+});
+
+export default router;

package/dashboard/routes/nginx.js

@@ -0,0 +1,151 @@
+import express from 'express';
+import {
+  getStatus,
+  reload,
+  restart,
+  start,
+  stop,
+  test,
+  listConfigs,
+  getConfig,
+  saveConfig,
+  getLogs,
+  NginxNotFoundError,
+  NginxConfigError,
+  InvalidFilenameError,
+} from '../lib/nginx-service.js';
+
+const router = express.Router();
+
+// ─── Error Handler Helper ─────────────────────────────────────────────────────
+
+function handleError(err, res) {
+  if (err instanceof NginxNotFoundError) {
+    return res.status(503).json({ error: 'nginx not installed' });
+  }
+  if (err instanceof NginxConfigError) {
+    return res.status(400).json({ success: false, output: err.output });
+  }
+  if (err instanceof InvalidFilenameError) {
+    return res.status(400).json({ error: 'Invalid filename' });
+  }
+  if (err.code === 'ENOENT') {
+    return res.status(404).json({ error: 'Config file not found' });
+  }
+  return res.status(500).json({ error: 'Internal server error' });
+}
+
+// ─── US1: GET /api/nginx/status ───────────────────────────────────────────────
+
+router.get('/status', async (req, res) => {
+  try {
+    const status = await getStatus();
+    res.json(status);
+  } catch (err) {
+    handleError(err, res);
+  }
+});
+
+// ─── US2: POST /api/nginx/reload ─────────────────────────────────────────────
+
+router.post('/reload', async (req, res) => {
+  try {
+    const result = await reload();
+    res.json(result);
+  } catch (err) {
+    handleError(err, res);
+  }
+});
+
+// ─── US2: POST /api/nginx/restart ────────────────────────────────────────────
+
+router.post('/restart', async (req, res) => {
+  try {
+    const result = await restart();
+    res.json(result);
+  } catch (err) {
+    handleError(err, res);
+  }
+});
+
+// ─── US1: POST /api/nginx/start ──────────────────────────────────────────────
+
+router.post('/start', async (req, res) => {
+  try {
+    const result = await start();
+    res.json(result);
+  } catch (err) {
+    handleError(err, res);
+  }
+});
+
+// ─── US1: POST /api/nginx/stop ───────────────────────────────────────────────
+
+router.post('/stop', async (req, res) => {
+  try {
+    const result = await stop();
+    res.json(result);
+  } catch (err) {
+    handleError(err, res);
+  }
+});
+
+// ─── US3: POST /api/nginx/test ───────────────────────────────────────────────
+
+router.post('/test', async (req, res) => {
+  try {
+    const result = await test();
+    res.json(result);
+  } catch (err) {
+    handleError(err, res);
+  }
+});
+
+// ─── US4: GET /api/nginx/configs ─────────────────────────────────────────────
+
+router.get('/configs', async (req, res) => {
+  try {
+    const configs = await listConfigs();
+    res.json(configs);
+  } catch (err) {
+    handleError(err, res);
+  }
+});
+
+// ─── US4: GET /api/nginx/config/:filename ────────────────────────────────────
+
+router.get('/config/:filename', async (req, res) => {
+  try {
+    const result = await getConfig(req.params.filename);
+    res.json(result);
+  } catch (err) {
+    handleError(err, res);
+  }
+});
+
+// ─── US4: POST /api/nginx/config/:filename ───────────────────────────────────
+
+router.post('/config/:filename', async (req, res) => {
+  if (typeof req.body.content !== 'string') {
+    return res.status(400).json({ error: 'content must be a string' });
+  }
+  try {
+    const result = await saveConfig(req.params.filename, req.body.content);
+    res.json(result);
+  } catch (err) {
+    handleError(err, res);
+  }
+});
+
+// ─── US5: GET /api/nginx/logs ────────────────────────────────────────────────
+
+router.get('/logs', async (req, res) => {
+  try {
+    const result = await getLogs(100);
+    res.json(result);
+  } catch (err) {
+    handleError(err, res);
+  }
+});
+
+export default router;

package/dashboard/routes/settings.js

@@ -0,0 +1,78 @@
+import express from 'express';
+import { loadConfig, saveConfig } from '../../core/config.js';
+
+const router = express.Router();
+
+// ─── GET /api/settings ─────────────────────────────────────────────────────
+
+router.get('/settings', (req, res) => {
+  try {
+    const config = loadConfig();
+    // Never return the password (write-only field)
+    const { dashboardPort, nginxDir, certbotDir } = config;
+    res.json({
+      dashboardPort,
+      nginxDir,
+      certbotDir,
+      platform: process.platform === 'win32' ? 'win32' : 'linux',
+    });
+  } catch (err) {
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// ─── POST /api/settings ────────────────────────────────────────────────────
+
+router.post('/settings', (req, res) => {
+  try {
+    const { dashboardPort, dashboardPassword, nginxDir, certbotDir } = req.body;
+
+    // Validate port if provided
+    if (dashboardPort !== undefined) {
+      const port = parseInt(dashboardPort, 10);
+      if (isNaN(port) || port < 1 || port > 65535) {
+        return res.status(400).json({ error: 'Invalid port number' });
+      }
+    }
+
+    // Validate password if provided
+    if (dashboardPassword !== undefined && typeof dashboardPassword !== 'string') {
+      return res.status(400).json({ error: 'Password must be a string' });
+    }
+
+    // Validate directories if provided
+    if (nginxDir !== undefined && (typeof nginxDir !== 'string' || nginxDir.trim() === '')) {
+      return res.status(400).json({ error: 'Nginx directory must be a non-empty string' });
+    }
+
+    if (certbotDir !== undefined && (typeof certbotDir !== 'string' || certbotDir.trim() === '')) {
+      return res.status(400).json({ error: 'Certbot directory must be a non-empty string' });
+    }
+
+    // Load current config and merge updates
+    const currentConfig = loadConfig();
+    const updates = {};
+
+    if (dashboardPort !== undefined) {
+      updates.dashboardPort = parseInt(dashboardPort, 10);
+    }
+    if (dashboardPassword !== undefined) {
+      updates.dashboardPassword = dashboardPassword;
+    }
+    if (nginxDir !== undefined) {
+      updates.nginxDir = nginxDir.trim();
+    }
+    if (certbotDir !== undefined) {
+      updates.certbotDir = certbotDir.trim();
+    }
+
+    const newConfig = { ...currentConfig, ...updates };
+    saveConfig(newConfig);
+
+    res.json({ success: true });
+  } catch (err) {
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+export default router;

package/dashboard/routes/ssl.js

@@ -0,0 +1,105 @@
+import express from 'express';
+import { run } from '../../core/shell.js';
+import { listAllCerts } from '../lib/cert-reader.js';
+
+const router = express.Router();
+
+const CERTBOT_WIN_EXE = 'C:\\Program Files\\Certbot\\bin\\certbot.exe';
+
+// Returns the PS-safe certbot invocation string, or null if not installed.
+async function getCertbotCmd() {
+  if (process.platform !== 'win32') {
+    const r = await run('certbot --version', { timeout: 10000 });
+    return r.success ? 'certbot' : null;
+  }
+
+  // Try PATH first
+  const whereResult = await run('where.exe certbot', { timeout: 5000 });
+  if (whereResult.success && whereResult.stdout.trim()) return 'certbot';
+
+  // Check known Windows install location
+  const testResult = await run(`Test-Path "${CERTBOT_WIN_EXE}"`, { timeout: 5000 });
+  if (testResult.stdout.trim() === 'True') return `& "${CERTBOT_WIN_EXE}"`;
+
+  return null;
+}
+
+async function renewDomain(domain, certbotCmd) {
+  if (process.platform === 'win32') {
+    const certResult = await run(
+      `${certbotCmd} certonly --standalone --non-interactive --agree-tos -d ${domain}`,
+      { timeout: 120000 }
+    );
+    const output = [certResult.stdout, certResult.stderr].filter(Boolean).join('\n').trim();
+    return { success: certResult.success, output };
+  }
+
+  await run('systemctl stop nginx', { timeout: 15000 });
+  let certResult;
+  try {
+    certResult = await run(
+      `${certbotCmd} certonly --standalone --non-interactive --agree-tos -d ${domain}`,
+      { timeout: 120000 }
+    );
+  } finally {
+    await run('systemctl start nginx', { timeout: 15000 });
+  }
+  const output = [certResult.stdout, certResult.stderr].filter(Boolean).join('\n').trim();
+  return { success: certResult.success, output };
+}
+
+router.get('/', async (req, res) => {
+  const certbotCmd = await getCertbotCmd();
+  if (!certbotCmd) {
+    return res.status(503).json({
+      error: 'certbot not installed',
+      instructions: 'Install certbot: https://certbot.eff.org/instructions',
+    });
+  }
+  const certs = await listAllCerts();
+  res.json(certs);
+});
+
+router.post('/renew/:domain', async (req, res) => {
+  const certbotCmd = await getCertbotCmd();
+  if (!certbotCmd) {
+    return res.status(503).json({
+      error: 'certbot not installed',
+      instructions: 'Install certbot: https://certbot.eff.org/instructions',
+    });
+  }
+  const domain = req.params.domain;
+  const certs = await listAllCerts();
+  const found = certs.find(cert => cert.domain === domain);
+  if (!found) {
+    return res.status(404).json({ error: `Domain '${domain}' not found in certbot` });
+  }
+  const result = await renewDomain(domain, certbotCmd);
+  if (result.output.includes('binding to port 80') || result.output.includes('Address already in use')) {
+    return res.status(409).json({
+      error: 'Port 80 is busy',
+      message: 'stop nginx first or use --webroot',
+    });
+  }
+  res.json({ success: result.success, output: result.output });
+});
+
+router.post('/renew-all', async (req, res) => {
+  const certbotCmd = await getCertbotCmd();
+  if (!certbotCmd) {
+    return res.status(503).json({
+      error: 'certbot not installed',
+      instructions: 'Install certbot: https://certbot.eff.org/instructions',
+    });
+  }
+  const certs = await listAllCerts();
+  const expiring = certs.filter(c => c.daysLeft !== null && c.daysLeft < 30);
+  const results = [];
+  for (const cert of expiring) {
+    const r = await renewDomain(cert.domain, certbotCmd);
+    results.push({ domain: cert.domain, success: r.success, output: r.output });
+  }
+  res.json(results);
+});
+
+export default router;